Posted
by
Zonkon Tuesday March 15, 2005 @02:54PM
from the at-least-they're-trying dept.

gpmac writes "AOL has responded to the recent slashdot attention. America Online Inc. plans to make three small but significant modifications to the terms of service for its AIM instant messaging product to head off a firestorm of privacy-related criticisms. The tweaks to the terms of service will be made in the section titled "Content You Post" and will explicitly exclude user-to-user chat sessions from the privacy rights an AIM user gives up to AOL."

Except for the fact that they are changing their TOS and you are bound to these changes without your consent. Next time they could just as easily add in an evil clause, and if you complain then they can cite your complicity this time around.

Even though they are on the surface doing something good, it is still setting a bad and dangerous precedent.

I've already stopped flirting with girls on IM. Although, I am working on a secret code. People that intercept my instant messages won't be able to understand a word I'm saying. I'll replace "you" with "u", "that's funny" with "lol", "skate" witk "sk8." Things like that. All in the name of privacy.

How true! Still, it's the best government money can buy. I think the Ironic Times [ironictimes.com] explained it well in their latest issue:

Last week we mistakenly reported that lobbyists, representing minimum wage workers who contributed heavily to lawmakers' reelection campaigns, used their clout to force a robust increase in the minimum wage. In fact these workers have no lobbyists, no money to contribute and no clout to use, and the bill favors business interests. We apologize for any confusion resulting from the error

hmmmm... maybe then I'll construct a language where I'll drop consonants from the ends of my words, and on occasional words, I'll take the first consonant-sound of the word I mean to say, and replace the rest of the word with "izzle". It'll be so inane that Microsoft will never guess it....

"We're not making any policy changes. We're making some linguistic changes to clarify certain things and explain it a little better to our users," AOL spokesperson Andrew Weinstein told eWEEK.com.

Hmmm, is it just me or does this look like making things look better ? From my experience, lawyers usually pay a lot of attention on the things they write, and especially these kind of mistakes are the ones that plainly don't happen in published legal documents...

From my experience, lawyers usually pay a lot of attention on the things they write, and especially these kind of mistakes are the ones that plainly don't happen in published legal documents...... unless they wanted to trick you into it, ofcourse.

No, you are full of crap. If a lawyer says, "Sign this document, and we'll execute contract A," and then has you sign a document actually only authorizing contract B, the signed document would be thrown out in court. If the lawyer knew about it, he might be liable, and he might be guilty of fraud.

Once AOL publically said, "No, we have not and will not read AIM chats," it better have been the truth, otherwise they could get turned inside out in court. No matter what their privacy policy said.

No, you are full of crap. If a lawyer says, "Sign this document, and we'll execute contract A," and then has you sign a document actually only authorizing contract B, the signed document would be thrown out in court. If the lawyer knew about it, he might be liable, and he might be guilty of fraud.

But in this case, isn't it rather one contract you agreed to, which had a certain sentence which could be interpreted as 'all your messages are belong to us', which they now changed ?

But in this case, isn't it rather one contract you agreed to, which had a certain sentence which could be interpreted as 'all your messages are belong to us', which they now changed?

Yes, exactly, except that they also publicly claimed that their privacy policy could not be interpreted as "all your messages are belong to us". If someone went after AOL for repurposing their AIM conversation, and AOL, in court, said, "But look at our privacy policy!", plaintiff would only have to say, "But look at your press

In a way you are right. With enough time and money in such a case you can prevail. But often such clauses could get a case thrown out before even being accepted as "obviously frivolous". (I'm not quite sure what I mean here...I might mean it would be hard to find a lawyer willing to take the case, partially because when he first looked at it it would be an obvious loser, and partially because it would be a threat to his license).

But even where you are right, this makes any case much more expensive to pr

If admitting you are an idiot (which you are for not reading) gets you out of a difficult legal issue, I'd think that you'd suck up your pride and admit it. The real issue isn't whether you can admit it, its whether a judge will believe you.

The legal department wanted to be sure they had the right to do everything they might do, even if they're not remotely likely to do so. Their only concern is that they don't get sued.

Unfortunately they didn't consider what the response public would be is someone actually read the legalese. Considering that isn;t their job. The public image of AOL is a marketting matter. Not a legal matter.

As is often the case in large companies, the left hand didn't know what the right hand was doing.

From what some people posted in the original/. discussion, it appears that the terms never applied to IM communication.

I think the problem is not that it wasn't worded clearly before from a legal standpoint, but that people weren't paying enough attention to the part that said that the new terms only applay to this, this, and that other service, which didn't include AIM proper.

Before spreading any more FUD, I suggest you actually read the part of the TOS in question. It is not perfectly clear, but it is clear enough that this entire series of events should never have occured.

This incident has proven to me that not only is the cliche about nature building better idiots is true, but in today's web space there are a seemingly infinite number of bloggers who will run a panic story without checking the facts first.

The collective voices of thousands of "Little People"(tm) made a differance on a huge company. This is a trend that I would love to see continue accross the board, a large company careing about their customers.
Props to AOL, looks like I can once again log in and chat without fear of them retaining rights to it.

Not to quote the lion's share of the article here, but there are some things that need to be seen...

The tweaks to the terms of service will be made in the section titled "Content You Post" and will explicitly exclude user-to-user chat sessions from the privacy rights an AIM user gives up to AOL.

"We're not making any policy changes. We're making some linguistic changes to clarify certain things and explain it a little better to our users," AOL spokesperson Andrew Weinstein told eWEEK.com.

The modifications will use similar language from the AIM privacy policy to "make it clear that AOL does not read private user-to-user communications," Weinstein said.

[...]

More importantly, Weinstein said a blunt and inelegant line that reads "You waive any right to privacy" will be deleted altogether.

"That's a phrase that should not have been in that section in the first place. It clearly caused confusion, with good reason," Weinstein conceded.

[...]

Justin Uberti, chief architect for AIM, also joined the discussion, admitting the controversial section of the terms of service was "vague" and needed to be reworded.

Uberti explained on his Weblog that the amount of IM traffic on the AIM network "is on the order of hundreds of gigabytes a day."

"It would be very costly, and we have no desire to record all IM traffic. We don't do it," Uberti wrote.

For AIM users who remain distrustful, Uberti pointed out that the application offers Direct IM (aka Send IM Image) and Secure IM in all recent versions.

"In other words, you can send your IMs in such a way that they never go through our servers, and/or are encrypted with industry-standard SSL and S/MIME technology. I know this since I designed these features. There are no backdoors; I would not have permitted any," Uberti said.

...Juberti's blog [aol.com] (the chief architect for the AIM service):

AIM Privacy and Slashdot

OK, I am getting tired of hearing about how "The new AIM TOS allows AOL to have all rights to anything you say on IM, AOL reads/stores all your IMs, etc."

I take this kind of personally, because that is not something I would want to be associated with.

First off, that blurb in the TOS only refers to AIM forum posts, not IMs. I agree that it is vague and should be reworded to be clear.

Second, the amount of IM traffic is on the order of hundreds of gigabytes a day. It would be very costly, and we have no desire to record all IM traffic. We don't do it.

Thirdly, if you still don't trust us, we have Direct IM (aka Send IM Image) and Secure IM in all recent versions of the AIM software. In other words, you can send your IMs in such a way that they never go through our servers, and/or are encrypted with industry-standard SSL and S/MIME technology. I know this since I designed these features. There are no backdoors; I would not have permitted any.

I am saying this as a concerned invidual, and not as a corporate mouthpiece.

That's all very nice, but we have only his word - yet another reason why OSS is superior when you are concerned about privacy. I don't particularly trust anyone who works for AOL, not because I think they are automatically bad people, but because AOL has done enough bad things that the odds that any individual employee of AOL is "bad" are too high to carry on in any other fashion. Paranoid? Maybe, but paranoia is often a useful policy.

It's my understanding that GAIM has it's weaknesses, and that you should use something else instead. Unfortunately, I wasn't interested enough to remember either what the crypto weakness of GAIM was, or what the alternate client was that was recommended.

I was, however, mentioned during the prior/. discussion, if you're interested enough to ferret through that.

AOL could easily afford to store hundreds of gigs per day. If they're sticking it on SATA HDs, they can store 200 GB/day for about $40k/year. Call it twice that for redundancy. That's nothing in AOL terms.

AOL could easily afford to store hundreds of gigs per day. If they're sticking it on SATA HDs, they can store 200 GB/day for about $40k/year.

And because they can do it, they of course are doing it?

Don't be silly. The previous poster's point was that they can do it, so protestations that they can't do it are mistaken at best. Whether or not they do do it is not a matter of technical capability. They can if they decide to.

that's just the cost of storage, there are also issues of actually implementing a system to do the logging on all the servers in such a way that doesn't degrade performance and logging in such a way that is actually usefull. I highly doubt that they'd be able to search through thousands of flat text files on hundreds of servers very quickly or efficiently.

The tweaks to the terms of service will be made in the section titled "Content You Post" and will explicitly exclude user-to-user chat sessions from the privacy rights an AIM user gives up to AOL.

Amidst all this talk of privacy, people seem to be missing the significant copyright issue in this story. AOL is claiming that they own all the rights, i.e., they own the copyright, for anything "posted" to a discussion.

So if you copy a brief exchange in an AOL discussion, and send the exchange to someone else

They have already proved in court, many many times, that you have no expectation of privacy in such things as email and instant messaging. I'm not sure why were even discussing this.

"Law and Order"? If I thought you where an US citizen (sorry, but there are many more Americans than US citizens) I would have to believe that you are serious. But since you clearly are European (you know, from the "old Europe" where governments actually listen to the population), I'll have to mod you as +1 Funny.

The American vs. US citizen crusade is tired and old. Plenty of languages have anachronisms, especially for nationalities. Most Slavic languages' word for "German" is directly related to the word "mute," the English name "Holland," in Dutch, actually refers to a place in the Netherlands, the adjective "Dutch" is a misinterpretation...
Languages evolve sometimes to mean things other than their literal and obvious meanings. In this case, the term "American" has been adopted to mean "one of the United Stat

In this case, the term "American" has been adopted to mean "one of the United States of America." And honestly, with good reason! The USA was the first country in America, therefore if anyone can claim that title, it should be them. Your argument is affected and arbitrary. Go fight for a real cause.

A childhood friend of mine studied at an US (Texas) university in the late eigthies. He summarized it like this "The US has some very great universities, but their high school system is awful." You're an ex

the term "American" has been adopted to mean "one of the United States of America."

You can adopt whatever you want. It does not automatically follow that people from other countries in the (North/Central/South) American continent have to follow, agree or refrain from finding you ridiculous...

The difference is that our country name has the word "America" in it, hence, the American nomination. People from South America call themselves Brazilians or Columbians, not South Americans. Oh, wait... I forgot. Anything that is against the USA is insightful. Get a life, get a clue.

Oh, come on - you shouldn't call yourselves "North Americans" either - there are the Canadians and the Mexicans sharing the northern subcontinent with you. And, obviously, the people who live in South America does not call themselves by the continent name - it would be unpolite and unseemly. But then again, being "American" means you don't have to care about what other people think, right?

The continent is called "America" - those who live in it, all of it, are then "Americans". Simple. People born in Germany are both Germans and Europeans, as the Chinese are also Asians. This way, Brazilians and Colombians are as Americans as any former Texan Governor...

Hopefully folks will appreciate the amount of sway that a good argument does have at AOL. If it wasn't for public discussion the TOS probably would not have been changed. But the public discussion happened and there will now be a more specific TOS statements. I wish folks would always give AOL a chance instead of immediately bashing. Was this enough to buy some good will from folks for the future?

I believe they meant that in public chatrooms or in forums, content that you say or post is public.

As explained in detail in the AIM Privacy Policy, AOL does not read your private online communications when you use any of the communication tools on AIM Products. If, however, you use these tools to post Content or other information to public areas on AIM Products (for example, in chat rooms or online message boards), other online users will have access to this information and Content.

I'd already read a number of the stories about this at news.google.com, and very few of them mention any change to the TOS. Rather, they spin it as a customer "misunderstanding" of AOL's privacy rules. They've said that AOL is merely "clarifying" the rules, with no mention of any changes.

OTOH, there is now one story listed, from p2pnet.net, that uses the word "modify". So maybe the real story will be reported by a few tech news sources, while the general media will report it as a misunderstanding that is being clarified.

It was a misunderstanding. AIM never wanted to spy on you. They just wanted legal protection for other aim products like (as the new TOS points out) rate a buddy.
Basically what they always ment to say is that if you put your picture on rate a buddy then we have the right to use that picture how ever we want.
The problem was that it wasn't clearly worded that only public postings could be used in this way by AOL.
So they aren't trying to spin this, what they're saying is the truth.

But the AOL TOS actually states that by "posting Content on an AIM Product", you "grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium".

In other words, AOL claims the copyright to anything you send using "an AIM Product". You have no right to use even your own words, and AOL can do with your words as they like. You can't save or send a friend a copy

First off you don't lose the rights to what ever you post you only give AOL the rights to use it as well.
But anyway. What they originally ment by 'posting Content on an AIM Product' was public content.
Think about it. If you post a message on a message board and don't give the company the rights to display your message.... how are they suppose to legally show it?
The misunderstand was that the original TOS didn't specifically say that only public postings would be used, but that is what they ment. So th

That one works too. The stupidity factor weighed in heavily, but could have been offset to an extent if the laziness factor hadn't set in. In combination, they are the most unstoppable force in the universe (or is it unmoveable - I can never remember)

where in the article did it say that slashdot was the motivating force? i read that it was just received a "firestorm of privacy-related criticism". please, this might be a popular site, but don't take credit where none is deserved. especially when the article never mentioned any group in particular. i am sure slashdot was one of MANY groups, organization, sites, etc. that complained. but in no did it change it's policy just because of slashdot...

Now what about Google Desktop, Deadaim, et al that record your conversation? People saying that they're home-free from being haunted by their words later on are sadly mistaken. Just because AOL isn't listening doesn't mean someone else isn't.

Not even 1 million. Think about all that text. I'm sure you could compress the hell out of all that data and you would be able to store it. Why would they store raw data when they could compress it down?
I bet they are able to Tap connections and peer into what people are talking about if they have the capability to monitor the raw traffic being sent.
If it's an option they have then I'm sure some sysadmin or tech guys is going to be using it.

Not to mention the fact that anybody forced/paid to read even a tenth of a percent of that crap would go apeshit in just one day of reading all that inanity.

Now, back to reading slashdot...

Please tell me that I'm not the only person who did a double-take reading that, and that the effect was intentional? On a completely unrelated topic, what's the best way to clean Mt. Dew off of a monitor?

OK, a gig of disk costs a dollar, retail, more or less. 500 gigs, let's see. $500. $183k per year. You think that's a lot of money for AOL? That's like the loaded price of one senior engineer. (And that's before buying the disks in bulk or compressing the data.)

Try again, factor in the costs of running the storage farm, maintainence, keeping the data safe, actually setting up the system to even do the archiving, factor in bandwidth costs that this facility would suck down, not to mention the costs of even having the facility.

You just didn't even begin to factor in anything but the pure cost of 1 gigabyte in some situations, a 500 gig drive is not $500.

Yes, my math was fuzzy, I was offering an estimate. My math was not wrong. (The "one million" was a silly Austin Powers joke, as I mentioned above.) The actual cost of a raw gig is way less than a dollar (and always falling), and I allowed for the fact that I wasn't even talking about compressed data. I am aware that storing large amounts of data is more than just the cost of the media, but still, the AOL guy implied that it wasn't financially feasible for AOL to store the data, and I'm claiming that fo

I'm feeling pretty pleased with the effects I've seen from a post on my previously barely-read blog [benstanfield.com].

My latest post on the AIM matter celebrates another important victory by the blogosphere. In just two days, I helped to direct enough attention to the bad sections of AIM's privacy policy that they're now changing it. While I started the fracas, it wasn't me, but the cacophony of voices that picked up on the story and helped to get the attention of AOL.

But the change was made in 2004. A year ago. The whole "just because they SAY they won't doesn't mean that they won't ever do it!" line is kind of old as well.

Welcome to the Internet. Slashdot can change its privacy policy at anytime. There are dozens of other companies out there that have almost identical AUP texts in place. Yahoo's AUP comes to mind. Nothing is stopping any internet company from doing whatever they want with the data.Fact is, AOL has no business need to monitor AIM conversations. Why wou

That's an improvement. But, wouldn't it be better (from a user rights and privacy perspective) to explicitly state the areas they DO take ownership of your data in, rather than only excluding this one area? The default case should be that they don't own your data. With excluding only AIM, they still leave the default case for all other services to be that AOL owns your data.

It's sort of like opt-in vs. opt-out. I prefer that anyone using my personal information or data be required to get my explicit permission to use it, rather than requiring me to contact each and ask them to not use it.

Last summer we reviewed using Yahoo's small business product to host our site, and handle our email, but their TOS had the same boilerplate in it. It required that anything we had on their system -- files, website, emails was available for them to resell or republish as their own content. Obvious non-starter, and our complaint about the issue was ignored so we didn't use the service.

America Online Inc. plans to make three small but significant modifications to the terms of service for its AIM instant messaging product to head off a firestorm of privacy-related criticisms.

In an earlier slashdot article (too lazy to get the link), it was mentioned that the terms of service was misinterpreted by someone, and that it was *never implied* that private IM conversations were to be snooped upon, saved, or so forth.

We never lost out privacy, some idiot just misread it and this most recent change is in an attempt to make it "idiot-proof" for the future.

I believe you're suggesting that I'm that "idiot," since I'm the guy who read the Terms of Service on Friday and posted the blog entry that set off this brouhaha.

While your propensity for name-calling is no doubt unequaled, your ability to state the facts in this case is not so good.

Every legal analysis I've seen so far from real lawyers (here's one [macslash.org], and here's another [eweek.com].) says that my interpretation of the Terms of Service was correct, and the AOL spokesperson was misleading.
So, sorry to inform you that there was, in fact, no misreading. However, I may still be an idiot. The jury's still out.:)

So many people are going "YAY THE LITTLE GUY WON!", well no the little guy didn't do ANYTHING! AOL was never going to read how little janey is sleeping with Jamie today but Dave tomorrow. They couldn't careless what crap you put in an IM as long as you click an ad once in a while.

Changing a couple of words (AKA addding "oh the forums") doesn't mean "the little guy won". It means AOL spend a tiny amount of money to correct an error they made everyone made a song and dance about.

Well done little guy you cost AOL about 0.00001% of their money on a lawyer! Time to take down Microsoft now!